Rate this:

Today I needed a list of users that:
– their logon looks like pXXXXXX (employees in our org)
– are not contacts
– are enabled
– are not members of Domain Admins group
– are not required to use smartcards

There is one thing I could not achive using the Filter parameter on Get-ADUser – the logon name pattern. I settled for selecting users with logon that starts with p in the Get-ADUser filter (samAccountName -Like “p*”) and then used a where-object condition with regex expression.

I found a little gotcha – when a user is not listed in any group the filter “(memberOf -ne $DomainsAdminsDn)” does not work. I will have to think of some other way to filter out Domain Admins members.